Security professional Michael Boelen writes about Linux security, system hardening, and related subjects. He worked as a consultant for multinational companies before he started CISOfy. Michael is involved with open source software and created several projects. Among them are Rootkit Hunter (rkhunter), a malware scanner for Linux and other platforms. He is also the creator and lead developer of Lynis, a tool that helps with hardening Linux systems. You can find more information about Michael on his website https://michaelboelen.com or via Twitter.

Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

Introduction into Ed25519 OpenSSH 6.5 added support for Ed25519 as a public key type. It is using an elliptic curve signature scheme, which offers better security than ECDSA and DSA. At the same time, it also has good performance. This type of keys may be used for user and host keys. With this in mind, it is great to be used together with OpenSSH. In this article, we have a look at this new key type. DSA or RSA Many […]

Read more

Linux hardening with sysctl settings

The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. We will have a look at some kernel options and how to select the best sysctl values for Linux systems. After reading this article […]

Read more

Why Auditing and Vulnerability Scanning are Different Things

Why Auditing and Vulnerability Scanning are Different Things As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping […]

Read more

The Most Influential Linux Security Blogs

Linux Security Blogs Finding quality blogs about Linux security can be challenging. We made an effort to seek the best and most influential blogs on the internet. What makes it influential? It should have quality articles, regularly updated and tailored to Linux or UNIX security. The countless “How to” websites are skipped. Months of searching and reading resulted in a list of blogs, sorted by category. If you are interested in the developments on Linux security, add them to your […]

Read more

Linux History: How Dot Files Became Hidden Files

The history of hidden files Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added to each directory. Secondly, a double dot file (..) was added to easily move up in the directory structure. As these files had no real data in them, […]

Read more

The Difference Between Auditing and Vulnerability Scanning

Technical Auditing and Vulnerability Scanning Why both look the same, yet have subtle differences When talking about auditing, I see that most technical people immediately think about vulnerability scanning. While they definitely have things in common, there are also a lot of minor differences. In this blog post I will show them, and also share how technical auditing and vulnerability scanning can work together. Similarities and Differences Let’s first determine what makes technical auditing and vulnerability scanning look similar. First […]

Read more

Secure Software Development: CII Best Practices

Best Practices from the Core Infrastructure Initiative Last month the Core Infrastructure Initiative, or CII, launched their CII best practices project. Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project, and how it can help. Open Source and Security If we look in the open source world of software, we see that many projects were created by volunteers. While doing this voluntary, this doesn’t say anything about the quality of the […]

Read more

Audit Installed Compilers and Their Packages

Compilers and security Compilers can be the gateway for an attacker. By misusing a possible weakness in your system(s), a compiler is often used to build the related exploit code. One way to prevent this is to determine what compilers are installed and remove (or restrict) them. Comparing Installed Packages and Compilers One way to audit the system is creating a list of common compilers and packages, then match these with the installed packages. Common compilers Some of the tools found related […]

Read more

Vulnerability Scanning: The Destiny to Disappointment?

The Need Of Vulnerability Management Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure. We already know […]

Read more

How the web changes with HTTP/2: Performance and Security

Changes to the web: HTTP/2 Performance and Security On invitation by the Dutch consultancy firm Snow, I attended their Snow Unix Event (SUE). It was the third time in a row, with again an impressive lineup of speakers. As I worked previously for the company, I expected no less than that. The theme was about knowledge sharing. That sounds like an invitation to also share some of the biggest insights I learned. Let’s start with the HTTP/2 insights by Daniel […]

Read more

How Linux Security Fails to be Simple

Linux Security Should be Simple, Right? Why that is not a reality, and we might never achieve it. Linux gained great popularity over the last 10 years, powering our servers and smartphones. With all the efforts put in creating more secure software, it seems installing security updates will remain a weekly task. Will this ever change? Security is Hard Properly securing a system means different things for different people. So let’s take the assumption that every system has a particular […]

Read more

Linux DNS Tuning for Performance and Resilience

DNS Configuration on Linux We often don’t realize the importance of DNS, or name resolving in our infrastructure. The impact when things go (slightly) wrong is huge. Time to have a good look at improving our DNS configuration. How DNS resolving works When your Linux system needs to know the IP address of a particular host, it will use gethostbyname(3) function. This will use the nsswitch configuration stored in /etc/nsswitch.conf. For the related hosts line, it will determine how to […]

Read more

What is the ‘toor’ user on FreeBSD?

What is the ‘toor’ user on FreeBSD? Linux and *BSD systems have by default a root user installed. As it has a user ID of zero (0), it gains the highest level of permissions from the kernel. On FreeBSD systems, there is also the ‘toor’ user, with the equal high-level user ID of zero. It is simply the reversed version of ‘root’, and installed as a backup account. By default, it has no shell assigned, so it can’t log in. […]

Read more

Understanding Linux Privilege Escalation and Defending Against It

What is Linux privilege escalation? Privilege escalation is the process of elevating your permission level, by switching from one user to another one and gain more privileges. For example, a normal user on Linux can become root or get the same permissions as root. This can be authorized usage, with the use of the su or sudo command. It can also be unauthorized, for example when an attacker leverages a software bug. Especially this last category of privilege escalations is […]

Read more
12345615